Davide Tabarelli [http://community.jboss.org/people/giantPM] replied to the discussion
"Security principal propagation accross ejb3 modules"

To view the discussion, visit: http://community.jboss.org/message/544697#544697

--------------------------------------------------------------

No one is answering me ... maybe my question is too newbie/stupid or ill-posed? I suppose the last (ill-posed), and therefore I will try to explain it again, better.

As far as I know, the credential/principal has to be propagated within EJB modules in the same JVM/JBoss instance, but it seems this doesn't happen in my system (JBoss 5.1.0 GA).

The situation:

- Two EJB modules in an EAR. Same security realm.
- A client (web or standalone ... doesn't matter) calls a method A inside a session bean in EJB A.
- The client is authenticated as Principal="SomeOne", Role="MyRole".
- The method requires role "MyRole" by means of @RolesAllowed("MyRole").
- The method A in turn calls a method B, which is inside another session bean in EJB B.
- Method B is also marked with @RolesAllowed("MyRole").
- Resulting exception: "javax.ejb.EJBAccessException: Caller unauthorized"

Looking into the logs (TRACE level), it turns out that:

1) The call to method A is successfully authenticated (Principal="SomeOne", Role="MyRole").
2) The principal/credentials get lost in the subsequent call to method B (Principal=anonymous).

Has anyone faced this issue before?

Thanking you in advance.

D.

--------------------------------------------------------------